[Date Prev][Date Next]
Re: sane ppolicy choices
I also see that setting pwdLockout to TRUE and pwdLockoutDuration to 0
disables logins until enabled by an administrator. This works for my
needs. However, I don't see how to enable pwdLockout when some time
lapses or on specific date. Hence, I would probably need a cron job to
Please share your insights!
On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler <email@example.com> wrote:
> I am trying to implement a trial [period] for new customers, using the
> OpenLDAP password policy overlay.
> I was thinking about setting a combination of pwdMaxAge, pwdMustChange
> and pwdAllowUserChange.
> Basically, the best idea I have had is to set MaxAge to the length of
> trial [in seconds] then in a user changes the password while in trial
> mode, calculate MaxAge as (trial_length - time_passed), then at the
> end setting MustChange to true and AllowUserChange to false [until the
> trial has been converted].
> Is that a sane policy? Should I be doing something totally different?
> Please advise.
> Igor Shmukler